gitgolem 0.1.1

data/lib/golem/command/auth.rb

@@ -0,0 +1,27 @@
+# Command for authorization. Checks authenticated (via sshd) user's access to given repository, if access granted creates repository if needed and calls git-shell.
+class Golem::Command::Auth < Golem::Command::Base
+    # @private
+    USAGE = "user (defaults to GOLEM_USER env)\nused for authorizing users, called by sshd (via keys file), calls git-shell"
+    # Regexp to check for git commands.
+    RE_CMD = /\A\s*(git[ \-](upload-pack|upload-archive|receive-pack))\s+'([^.]+).git'/
+
+    # Run the command. Git command is read from ENV['SSH_ORIGINAL_COMMAND']. Set environment variables (for hooks) and call git-shell if access granted.
+    # @param [String] user the user to run as.
+    def run(user = ENV['GOLEM_USER'])
+	abort 'Please use git!' unless matches = (ENV['SSH_ORIGINAL_COMMAND'] || '').match(RE_CMD)
+	cmd, subcmd, repo = matches[1, 3]
+	abort 'You don\'t have permission!' unless Golem::Access.check(user, repo, subcmd)
+	command(:create_repository, repo) unless File.directory?(Golem::Config.repository_path(repo))
+	set_env(user, repo)
+	exec "git-shell", "-c", "#{cmd} '#{ENV['GOLEM_REPOSITORY_PATH']}'"
+    end
+
+    private
+	def set_env(user, repo)
+	    {
+		'GOLEM_USER' => user,
+		'GOLEM_REPOSITORY_NAME' => repo,
+		'GOLEM_REPOSITORY_PATH' => Golem::Config.repository_path(repo),
+	    }.each {|k, v| ENV[k] = v}
+	end
+end

data/lib/golem/command/clear_repositories.rb

@@ -0,0 +1,16 @@
+# Command for clearing repositories, suitable for cron.
+class Golem::Command::ClearRepositories < Golem::Command::Base
+    # @private
+    USAGE = "\nclear .git directories not found in database"
+
+    # Run the command. Removes every '*.git' directory in {Golem::Config.repository_base_path}
+    # unless {Golem::Access.repositories} includes repository. Calls {Golem::Command::DeleteRepository}.
+    def run
+	repos = Golem::Access.repositories
+	Dir.glob(Golem::Config.repository_base_path + '/*.git').each do |repo_path|
+	    repo = File.basename(repo_path)[0..-5]
+	    next if repos.include?(repo)
+	    command :delete_repository, repo
+	end
+    end
+end

data/lib/golem/command/create_repository.rb

@@ -0,0 +1,20 @@
+# Command for creating a repository.
+class Golem::Command::CreateRepository < Golem::Command::Base
+    include Golem::Command::ManageHooks
+    # @private
+    USAGE = "name\ncreate a repository and install hooks"
+
+    # Run the command. Installs hooks with {#install_hooks}.
+    # @param [String] name repository name.
+    def run(name)
+	path = Golem::Config.repository_path(name)
+	abort "Repository already exists!" if File.directory?(path)
+	pwd = Dir.pwd
+	Dir.mkdir(path, 0700)
+	Dir.chdir(path)
+	system('git --bare init ' + (verbose? ? '>&2' : '>/dev/null 2>&1'))
+	print "Repository #{path} created, installing hooks...\n" if verbose?
+	install_hooks(name)
+	Dir.chdir(pwd)
+    end
+end

data/lib/golem/command/delete_repository.rb

@@ -0,0 +1,14 @@
+# Command for deleting a repository.
+class Golem::Command::DeleteRepository < Golem::Command::Base
+    # @private
+    USAGE = "name\ndelete a specific repository"
+
+    # Run the command.
+    # @param [String] name repository name.
+    def run(name)
+	repo_path = Golem::Config.repository_path(name)
+	abort 'Repository not found!' unless File.directory?(repo_path)
+	system("rm -rf #{repo_path}")
+	print "Removed repository #{repo_path}\n" if verbose?
+    end
+end

data/lib/golem/command/environment.rb

@@ -0,0 +1,11 @@
+# Command for listing configuration variables.
+class Golem::Command::Environment < Golem::Command::Base
+    # @private
+    USAGE = "\nlist configuration values"
+
+    # List configuration variables that are set.
+    def run
+	print "Configuration values:\n"
+	print Golem::Config.config_hash.collect {|k, v| "\t " + k.to_s + ": " + v.to_s}.join("\n") + "\n"
+    end
+end

data/lib/golem/command/save_config.rb

@@ -0,0 +1,11 @@
+# Command to save configuration file.
+class Golem::Command::SaveConfig < Golem::Command::Base
+    # @private
+    USAGE = "\nsave the configuration file\nPLEASE NOTE: this may destroy (overwrite) your old config (and thus destroy your static database)"
+
+    # Run the command. Calls {Golem::Config.save!}.
+    def run
+	Golem::Config.save!
+	print "Config was saved to #{Golem::Config.cfg_path.to_s}\n" if verbose?
+    end
+end

data/lib/golem/command/setup_db.rb

@@ -0,0 +1,11 @@
+# Command to setup the database schema (only useful for {Golem::DB::Pg}).
+class Golem::Command::SetupDb < Golem::Command::Base
+    # @private
+    USAGE = "\nsetup database schema\nPLEASE NOTE: this is useful for postgres database only"
+
+    # Run the command. Calls {Golem::DB.setup}.
+    def run
+	Golem::DB.setup
+	print "Database schema is set up at #{Golem::Config.db.to_s}\n" if verbose?
+    end
+end

data/lib/golem/command/update_hooks.rb

@@ -0,0 +1,14 @@
+# Command for updating hooks in repositories.
+class Golem::Command::UpdateHooks < Golem::Command::Base
+    include Golem::Command::ManageHooks
+    # @private
+    USAGE = "\nupdate hooks in every repository (please note: deletes old hooks and symlinks new ones)"
+
+    # Run the command. It runs {#clear_hooks} and {#install_hooks} on every repository.
+    def run
+	Golem::Access.repositories.each do |repo|
+	    clear_hooks(repo)
+	    install_hooks(repo)
+	end
+    end
+end

data/lib/golem/command/update_keys_file.rb

@@ -0,0 +1,39 @@
+# Command for updating the .ssh/authorized_keys file.
+class Golem::Command::UpdateKeysFile < Golem::Command::Base
+    # @private
+    USAGE = "\nupdate authorized_keys file with values from database"
+    # Content mark to identify automatically updated part of file.
+    CONTENT_MARK = "# golem keys - do not place lines below, because the content gets rewritten (AND DO NOT EDIT THIS LINE!)"
+    # Default SSH(D) options to set if using command="" style keys file.
+    SSH_OPTS_COMMAND_DEFAULT = "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty"
+
+    # Run the command. Old content is preserved, searched for {CONTENT_MARK}, and only content after the mark gets replaced.
+    def run
+	orig_content = File.exists?(Golem::Config.keys_file_path) ? File.read(Golem::Config.keys_file_path) : ""
+	new_content = if orig_content.match(Regexp.new('^' + Regexp.escape(CONTENT_MARK) + '$'))
+	    orig_content.sub(Regexp.new('^' + Regexp.escape(CONTENT_MARK) + '$.*\z', Regexp::MULTILINE), CONTENT_MARK + "\n" + keys_str)
+	else
+	    orig_content + "\n" + CONTENT_MARK + "\n" + keys_str
+	end
+	File.open(Golem::Config.keys_file_path, "w") {|f| f.write(new_content)}
+    end
+
+    private
+	def keys_str
+	    Golem::Access.ssh_keys.collect {|user, keys| keys.collect {|key| keys_file_line(user, key)}.join("\n")}.join("\n") + "\n"
+	end
+
+	def keys_file_line(user, key)
+	    first_part = if Golem::Config.keys_file_use_command
+		"command=\"#{Golem::Config.bin_dir + '/golem'} auth '#{user}'\""
+	    else
+		"environment=\"GOLEM_USER=#{user}\""
+	    end
+	    ssh_opts = if Golem::Config.keys_file_ssh_opts.nil?
+		Golem::Config.keys_file_use_command ? ",#{SSH_OPTS_COMMAND_DEFAULT}" : ""
+	    else
+		"," + Golem::Config.keys_file_ssh_opts.to_s
+	    end
+	    "#{first_part}#{ssh_opts} #{key}"
+	end
+end

data/lib/golem/config.rb

@@ -0,0 +1,112 @@
+# Configuration management.
+module Golem::Config
+    # List of paths config file is searched for.
+    CFG_PATHS = ["/usr/local/etc/golem/golem.conf.rb", "/usr/local/etc/golem.conf.rb", "/etc/golem/golem.conf.rb", "/etc/golem.conf.rb", "~/golem.conf.rb"]
+    # List of available config variable names.
+    CFG_VARS = [:db, :user_home, :repository_dir, :cfg_path, :base_dir, :bin_dir, :hooks_dir, :keys_file_use_command, :keys_file_ssh_opts]
+
+    # Auto configure Golem. Tries to find config file, if one can be found executes it, otherwise calls {configure}.
+    # @param [String] path path to config file.
+    def self.auto_configure(path = nil, &block)
+	path = if ENV.key?('GOLEM_CONFIG') && File.exists?(ENV['GOLEM_CONFIG'])
+	    ENV['GOLEM_CONFIG']
+	elsif ENV.key?('GOLEM_BASE') && File.exists?(ENV['GOLEM_BASE'].to_s + "/golem.conf.rb")
+	    ENV['GOLEM_BASE'].to_s + "/golem.conf.rb"
+	else
+	    CFG_PATHS.find {|try_path| File.exists?(try_path)}
+	end unless File.exists?(path.to_s)
+	if File.exists?(path.to_s)
+	    @auto_configure_path = path.to_s
+	    @auto_configure_block = block
+	    require path.to_s
+	end
+	configure path unless @vars #configure was not called or there was no config file
+    end
+
+    # Configure Golem with options given as argument, yield self then setting defaults.
+    # @overload configure(path, &block)
+    #   @param [String] path path to config file (interpreted as <i>:cfg_path => path</i>).
+    # @overload configure(opts, &block)
+    #   @param [Hash] opts options or single path .
+    #   @option opts [String] :db db configuration (postgres url or 'static'),
+    #   @option opts [String] :user_home (ENV['HOME']) path  to user's home directory (needed to place .ssh/authorized_keys),
+    #   @option opts [String] :repository_dir (user_home + '/repositories') path to repositories, may be relative to +user_home+,
+    #   @option opts [String] :cfg_path (base_dir + '/golem.conf.rb') path config file,
+    #   @option opts [String] :base_dir path to base, defaults to in order ENV['GOLEM_BASE'], basedir of config file (if exists), basedir of library,
+    #   @option opts [String] :bin_dir (base_dir + '/bin') path to directory containing the executables,
+    #   @option opts [String] :hooks_dir (base_dir + '/bin') path to directory containing hooks,
+    #   @option opts [Boolean] :keys_file_use_command controls (false) the .ssh/authorized_keys file syntax (<i>command=""_ or _environment=""</i>), see {file:README#keys_file authorized_keys},
+    #   @option opts [String] :keys_file_ssh_opts (nil) the ssh options to set in .ssh/authorized_keys file, see {file:README#keys_file authorized_keys}.
+    # @return [Config] self.
+    def self.configure(opts_or_path = nil, &block)
+	opts = opts_or_path.is_a?(Hash) ? opts_or_path : {:cfg_path => opts_or_path}
+	opts[:cfg_path] = @auto_configure_path if @auto_configure_path
+	@vars = opts.reject {|k, v| ! CFG_VARS.include?(k)}
+	@auto_configure_block.call(self) if @auto_configure_block
+	yield self if block_given?
+	self.user_home = ENV['HOME'] if user_home.nil? && ENV.key?('HOME')
+	self.repository_dir = user_home + "/repositories" unless repository_dir
+	unless base_dir
+	    self.base_dir = if ENV.key?('GOLEM_BASE')
+		ENV['GOLEM_BASE']
+	    elsif File.exists?(cfg_path.to_s)
+		File.dirname(cfg_path.to_s)
+	    else
+		File.expand_path(File.dirname(__FILE__) + '/../..')
+	    end
+	end
+	self.cfg_path = base_dir + '/golem.conf.rb' unless cfg_path
+	self.bin_dir = base_dir + '/bin' unless bin_dir
+	self.hooks_dir = base_dir + '/hooks' unless hooks_dir
+	self.keys_file_use_command = false unless keys_file_use_command
+	self
+    end
+
+    # Override +respond_to?+ to respond to +.config_var+ and +.config_var=+ (e.g. Golem::Config.db = 'static').
+    def self.respond_to?(sym)
+	CFG_VARS.include?(sym) || (sym.to_s.match(/=\z/) && CFG_VARS.include?(sym.to_s[0..-2].to_sym)) || super
+    end
+
+    # Override +method_missing+ to handle +.config_var+ and +.config_var=+ (e.g. Golem::Config.db = 'static').
+    def self.method_missing(sym, *args, &block)
+	auto_configure unless @vars
+	return @vars[sym] if CFG_VARS.include?(sym)
+	return @vars[sym.to_s[0..-2].to_sym] = args.first if sym.to_s.match(/=\z/) && CFG_VARS.include?(sym.to_s[0..-2].to_sym)
+	super
+    end
+
+    # Get configuration variables that is set (e.g. not +nil+).
+    # @return [Hash] configuration variables.
+    def self.config_hash
+	auto_configure unless @vars
+	@vars.reject {|k, v| v.nil?}
+    end
+
+    # Write configuration to file.
+    def self.save!
+	abort "No configuration path given!" unless cfg_path
+	File.open(cfg_path, 'w') {|f| f.write("Golem.configure do |cfg|\n" + config_hash.collect {|k, v| "\tcfg.#{k.to_s} = \"#{v.to_s}\""}.join("\n") + "\nend\n")}
+    end
+
+    # @return [String] path to +authorized_keys+ file.
+    def self.keys_file_path
+	user_home + "/.ssh/authorized_keys"
+    end
+
+    # @return [String] path to directory containing repositories.
+    def self.repository_base_path
+	(repository_dir[0..0] == "/" ? '' : user_home + '/') + repository_dir
+    end
+
+    # @param [String] repo repository name.
+    # @return [String] path to given repository.
+    def self.repository_path(repo)
+	repository_base_path + '/' + repo.to_s + '.git'
+    end
+
+    # @param [String] hook hook name.
+    # @return [String] path to given hook.
+    def self.hook_path(hook)
+	hooks_dir + "/" + hook.to_s
+    end
+end

data/lib/golem/db.rb

@@ -0,0 +1,46 @@
+# Database handling. See {Golem::DB::Pg} and {Golem::DB::Static}.
+#
+# A +db+ should respond to 4 methods: +users+, +repositories+, +ssh_keys+, +setup+.
+# The first 3 should take a single hash argument (options) and return an array/hash of results, +setup+
+# takes no arguments (it may use a block). These options should be supported:
+# * +:fields+: list of fields the results should include,
+# * +:return+: type of return value, if is +:array+ then results should be an array, hash (attribute name => value pairs) otherwise,
+# * any other key: should be interpreted as conditions (e.g. <i>:user => "name"</i> should return objects whose +user+ attribute is _name_).
+module Golem::DB
+    autoload :Pg, "golem/db/pg"
+    autoload :Static, "golem/db/static"
+
+    # Proxy for the used db.
+    # @return [Pg, Static] the db currently used.
+    def self.db
+	@db ||= case Golem::Config.db
+	    when /\Apostgres:\/\// then Pg.new(Golem::Config.db)
+	    when "static" then Static.new
+	    else abort "Unknown DB (#{Golem::Config.db.to_s})."
+	    end
+    end
+
+    # Forwards to proxy's users.
+    # @return [Array, Hash] results.
+    def self.users(opts = {})
+	db.users(opts)
+    end
+
+    # Forwards to proxy's repositories.
+    # @return [Array, Hash] results.
+    def self.repositories(opts = {})
+	db.repositories(opts)
+    end
+
+    # Forwards to proxy's ssh_keys.
+    # @return [Array, Hash] results.
+    def self.ssh_keys(opts = {})
+	db.ssh_keys(opts)
+    end
+
+    # Forwards to proxy's setup.
+    # @return [] depends on proxy.
+    def self.setup(&block)
+	db.setup(&block)
+    end
+end

data/lib/golem/db/pg.rb

@@ -0,0 +1,69 @@
+require 'pg'
+
+# Postgres functionality. Requires +pg+.
+class Golem::DB::Pg
+    # Initializes +PGConn+ connection.
+    # @param [String] db_url postgres url to connect to (e.g. +postgres://user:pw@host/db+).
+    def initialize(db_url)
+	@connection ||= ::PGconn.connect(*(db_url.match(/\Apostgres:\/\/([^:]+):([^@]+)@([^\/]+)\/(.+)\z/) {|m| [m[3], 5432, nil, nil, m[4], m[1], m[2]]}))
+    end
+
+    # Retrieve users.
+    # @param [Hash] opts options, see {Golem::DB}.
+    # @return [Array] list of users.
+    def users(opts = {})
+	opts[:table] = :users
+	get(opts)
+    end
+
+    # Retrieve repositories.
+    # @param [Hash] opts options, see {Golem::DB}.
+    # @return [Array] list of repotitories.
+    def repositories(opts = {})
+	opts[:table] = :repositories
+	get(opts)
+    end
+
+    # Retrieve ssh keys.
+    # @param [Hash] opts options, see {Golem::DB}.
+    # @return [Array] list of keys.
+    def ssh_keys(opts = {})
+	opts[:table] = "keys join users on keys.user_name=users.name"
+	get(opts)
+    end
+
+    # Setup schema.
+    # @return [PGRes] result.
+    def setup
+	@connection.exec(File.read(File.expand_path(File.dirname(__FILE__) + '/postgres.sql')))
+    end
+
+    private
+	def get(opts = {})
+	    table = opts.delete(:table) || ''
+	    fields = opts.delete(:fields) || ['*']
+	    fields = [fields] unless fields.is_a?(Array)
+	    order = opts.delete(:order)
+	    limit = opts.delete(:limit)
+	    ret_array = opts.delete(:return) == :array
+	    sql = "SELECT #{fields.collect {|f| f.to_s}.join(', ')} FROM #{table.to_s}"
+	    sql += " WHERE #{opts.keys.enum_for(:each_with_index).collect {|k, i| k.to_s + ' = $' + (i + 1).to_s}.join(' AND ')}" if opts.length > 0
+	    sql += " ORDER BY #{order.to_s}" if order
+	    sql += " LIMIT #{limit.to_s}" if limit
+	    res = @connection.exec(sql, opts.values)
+	    ret_fields = fields === ['*'] ? res.fields : fields
+	    ret = res.collect do |row|
+		if ret_array
+		    v = ret_fields.collect {|f| row[f.to_s]}
+		    v.length == 1 ? v.first : v
+		else
+		    ret_fields.inject({}) do |memo, field|
+			memo[field.to_sym] = row[field.to_s]
+			memo
+		    end
+		end
+	    end
+	    res.clear
+	    ret
+	end
+end

data/lib/golem/db/postgres.sql

@@ -0,0 +1,19 @@
+CREATE TABLE users (
+    name varchar(32) NOT NULL PRIMARY KEY,
+    created_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    updated_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+
+CREATE TABLE keys (
+    user_name varchar(32) NOT NULL REFERENCES users (name) ON DELETE no action ON UPDATE no action,
+    key varchar(1024) NOT NULL UNIQUE,
+    created_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    updated_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    PRIMARY KEY (user_name, key)
+);
+
+CREATE TABLE repositories (
+    name varchar(32) NOT NULL PRIMARY KEY,
+    user_name varchar(32) NOT NULL REFERENCES users (name) ON DELETE no action ON UPDATE no action,
+    created_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP
+);

data/lib/golem/db/static.rb

@@ -0,0 +1,66 @@
+# Static database for small installations. To use it, write:
+#  Golem.configure do |cfg|
+#    cfg.db = 'static'
+#    Golem::DB.setup do |db|
+#      db.add_user 'test_user'
+#      db.add_repository 'test_repository', 'test_user'
+#      db.add_key 'test_user', 'test_key'
+#    end
+#  end
+class Golem::DB::Static
+    # Create database, initialize users, repositories and ssh_keys to [].
+    def initialize
+	@users, @repositories, @ssh_keys = [], [], []
+    end
+
+    # Retrieve users.
+    # @param [Hash] opts options, see {Golem::DB}.
+    # @return [Array] list of users.
+    def users(opts = {})
+	opts[:return] == :array ? @users.collect {|u| u[:name]} : @users
+    end
+
+    # Retrieve repositories.
+    # @param [Hash] opts options, see {Golem::DB}.
+    # @return [Array] list of repotitories.
+    def repositories(opts = {})
+	opts[:return] == :array ? @repositories.collect {|r| r[:name]} : @repositories
+    end
+
+    # Retrieve ssh keys.
+    # @param [Hash] opts options, see {Golem::DB}.
+    # @return [Array] list of keys.
+    def ssh_keys(opts = {})
+	opts[:return] == :array ? @ssh_keys.collect {|k| [k[:user_name], k[:key]]} : @ssh_keys
+    end
+
+    # Add user to database.
+    # @param [String] name username,
+    # @return [Array] list of users.
+    def add_user(name)
+	@users << {:name => name}
+    end
+
+    # Add repository to database.
+    # @param [String] name repository name,
+    # @param [String] user_name username.
+    # @return [Array] list of repositories.
+    def add_repository(name, user_name)
+	abort "Cannot add repository, user not found!" unless users(:return => :array).include?(user_name)
+	@repositories << {:name => name, :user_name => user_name}
+    end
+
+    # Add key to database.
+    # @param [String] user_name username,
+    # @param [String] key ssh key (e.g. +cat id_rsa.pub+).
+    # @return [Array] list of keys.
+    def add_key(user_name, key)
+	abort "Cannot add key, user not found!" unless users(:return => :array).include?(user_name)
+	@ssh_keys << {:user_name => user_name, :key => key}
+    end
+
+    # Setup database.
+    def setup(&block)
+	yield self
+    end
+end